Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-31 | CVE-2016-10540 | Improper Input Validation vulnerability in Minimatch Project Minimatch Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript `RegExp` objects. | 7.5 |
| 2018-05-31 | CVE-2016-10539 | Improper Input Validation vulnerability in Negotiator Project Negotiator negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. | 7.5 |
| 2018-05-31 | CVE-2016-10533 | Information Exposure vulnerability in Express-Restify-Mongoose Project Express-Restify-Mongoose express-restify-mongoose is a module to easily create a flexible REST interface for mongoose models. | 8.8 |
| 2018-05-31 | CVE-2016-10529 | Cross-Site Request Forgery (CSRF) vulnerability in Droppy Project Droppy Droppy versions <3.5.0 does not perform any verification for cross-domain websocket requests. | 8.8 |
| 2018-05-31 | CVE-2016-10527 | Resource Management Errors vulnerability in Riot.Js Riot-Compiler 2.3.21 The riot-compiler version version 2.3.21 has an issue in a regex (Catastrophic Backtracking) thats make it unusable under certain conditions. | 7.5 |
| 2018-05-31 | CVE-2016-10526 | Information Exposure Through Log Files vulnerability in Grunt-Gh-Pages Project Grunt-Gh-Pages A common setup to deploy to gh-pages on every commit via a CI system is to expose a github token to ENV and to use it directly in the auth part of the url. | 8.6 |
| 2018-05-31 | CVE-2016-10524 | Resource Exhaustion vulnerability in I18N-Node-Angular Project I18N-Node-Angular i18n-node-angular is a module used to interact between i18n and angular without using additional resources. | 8.2 |
| 2018-05-31 | CVE-2016-10523 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mqtt-Packet Project Mqtt-Packet 4.0.0 MQTT before 3.4.6 and 4.0.x before 4.0.5 allows specifically crafted MQTT packets to crash the application, making a DoS attack feasible with very little bandwidth. | 7.5 |
| 2018-05-31 | CVE-2016-10521 | Improper Input Validation vulnerability in Jshamcrest Project Jshamcrest 0.6.7/0.7.0/0.7.1 jshamcrest is vulnerable to regular expression denial of service (ReDoS) when certain types of user input is passed in to the emailAddress validator. | 7.5 |
| 2018-05-31 | CVE-2016-10520 | Improper Input Validation vulnerability in Jadedown Project Jadedown 0.0.1/0.0.2/0.0.3 jadedown is vulnerable to regular expression denial of service (ReDoS) when certain types of user input is passed in. | 7.5 |